FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Dokuwiki -- cross site scripting vulnerability

Affected packages
dokuwiki < 20110525a

Details

VuXML ID 0b535cd0-9b90-11e0-800a-00215c6a37bb
Discovery 2011-06-14
Entry 2011-06-20

Dokuwiki reports:

We just released a Hotfix Release "2011-05-25a Rincewind". It contains the following changes:

Security fix for a Cross Site Scripting vulnerability. Malicious users could abuse DokuWiki's RSS embedding mechanism to create links containing arbitrary JavaScript. Note: this security problem is present in at least Anteater and Rincewind but probably in older releases as well.

References

URL http://www.freelists.org/post/dokuwiki/Hotfix-Release-20110525a-Rincewind